EP2707989B1 - Device and method for generating keys with enhanced security for fully homomorphic encryption algorithm - Google Patents
- Publication number
- EP2707989B1 (application EP12717737.6A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- generating
- secret
- random
- key
- keys
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Description
The field of the invention is that of so-called fully homomorphic encryption devices.
More specifically, the invention relates to the implementation of digital operations and processing for generating keys intended for a homomorphic encryption algorithm implemented in microprocessors, so as to provide a significantly higher level of security than the prior art.
The invention relates in particular to key generation infrastructures and devices.
Cryptographic processing of digital data often requires public-key encryption operations.
In a public-key encryption algorithm, the encryptor encrypts a message m using an encryption algorithm E into a ciphertext c = E(PK, m), using a public key denoted PK.
The recipient of the message decrypts the ciphertext c by applying a decryption function D such that m = D(SK, c), where SK is a secret key linked to the public key PK.
The public and secret keys (PK and SK respectively) are generated using a probabilistic algorithm called the key generation algorithm.
For example, well-known public-key encryption algorithms are the algorithm known as RSA, described in the US patent
For many practical applications, it is particularly useful to have a Fully Homomorphic Public-Key Algorithm (APHCP).
In addition to the algorithms E and D, an APHCP comprises two other algorithms, denoted ADD and MUL, having, for all messages m[1] and m[2], the following properties:
It can be shown that even if the operations m[1] + m[2] and m[1] × m[2] are taken modulo 2 (that is, "+" represents the logical "exclusive or" operation and "×" represents the logical "and"), any complex data processing can be encoded using these two operations alone.
APHCPs have many applications:
- APHCPs make it possible, for example, to perform computations on the medical data of patients held in a database without having to reveal their identity.
- APHCPs make it possible to learn the number of votes obtained by the candidates in an election without revealing the identity of the voters.
- APHCPs allow the creation of anonymous payment protocols.
- APHCPs allow the creation of a sales system in which the amounts of the bids would remain unknown, to prevent the seller from trying to drive up the bidding. Only the highest amount would be disclosed at the end of the procedure.
A first APHCP was published by Craig Gentry in document D1, corresponding to the article entitled
Documents D1 and D2 are incorporated by reference into the present description.
In the vDGHV method, the generation method G for secret and public keys begins by generating an odd number p corresponding to a secret key SK, called the vDGHV secret key, and a public key PK, called the vDGHV public key, corresponding to a collection of integers x[i] = q[i] × p + r[i] for i ranging from 0 to k, where q[i] and r[i] are random numbers satisfying the constraints specified in document D2.
The numbers x[i] are such that r[i] is small relative to x[i] (for example, r[i] is an 80- or 100-bit number).
One of the elements of the vDGHV public key, the element denoted x[0], has a particular feature: for the element x[0], the following initial condition must hold: r[0] = 0.
To encrypt a bit m (via the algorithm E), the sender computes c = m + 2r + 2Z, where:
- r is a random number of roughly the same size as the r[i] (the difference may for example be one or two bits);
- Z = x[1] e[1] + ... + x[k] e[k], where the e[i] are random bits (i.e. e[i] = 0 or 1 at random).
To decrypt a ciphertext c (via the algorithm D), the receiver computes m = (c mod p) mod 2.
The implementation of the ADD and MUL operations uses the technique known as "bootstrapping" (corresponding to a statistical inference technique), known to those skilled in the art and described in document D2.
The vDGHV public key generation method discussed above is implemented on a hardware device 10 whose hardware architecture is illustrated by
A microprocessor 11 is connected to a data input and output interface means 12, to a random generator 13 and to a memory 14 from which the microprocessor reads the instructions encoding a program Pg implementing the vDGHV key generation method G.
At startup, the microprocessor 11 begins reading the program Pg from the memory 14. When executed on the microprocessor 11, the program Pg generates the secret key SK corresponding to an odd number p, and the public key PK = x[0], ..., x[k].
Once the elements x[i] have been obtained, the program Pg instructs the microprocessor 11 to communicate the elements x[0], ..., x[k] via the data input and output interface 12 to another device.
The vDGHV key generation method G, illustrated by
- Define r[0] = 0;
- Generate a random odd number p (corresponding to the secret key SK);
- Generate k random numbers r[i] denoted r[1], ..., r[k];
- Generate k+1 random numbers q[i] denoted q[0], ..., q[k].
Then, an obtaining step is carried out to determine the elements x[i] = q[i] p + r[i] for i ranging from 0 to k, which define the public key PK.
The vDGHV key generation method G described above has a security flaw.
Indeed, since the secret key SK corresponds to the number p, which is a random odd number, it is entirely possible that this number p can be written as a product of prime factors:
Here, the numbers p[i] represent prime numbers and the integers α[i] represent powers, that is, the number of times each p[i] appears in the secret key p.
It is known to those skilled in the art that methods exist for fully or partially decomposing p into prime factors. For example, a first method, known as Lenstra elliptic curve factorization, makes it possible to extract certain prime factors from integers. This first method is described in the article by
By applying such a factorization method to the public key x[0] = p × q[0] = q[0] × p[1]^α[1] × ... × p[L]^α[L], a potential attacker could discover at least one factor p[j] entering into the composition of p.
The attacker can then compute the quantity t = x[1] mod p[j]. Indeed, t = x[1] mod p[j] = r[1] mod p[j].
From there, two cases can arise:
- 1. If p[j] > r[1], then t = r[1], and the secret key can be determined directly by computing p = GCD(x[0], x[1] - t).
- 2. If p[j] < r[1], then the attacker determines the value t = r[1] mod p[j], which allows an exhaustive search for the value of r[1] to proceed more quickly. In this case, the attacker will attempt to compute the quantity GCD(x[0], x[1] - t - p[j] × i) for different values of i until, for a certain value of i, the operation GCD(x[0], x[1] - t - p[j] × i) reveals the secret key SK corresponding to the random odd number p.
Thus, it was not obvious to those skilled in the art to detect and formulate this security problem inherent in the use of the vDGHV key generation method G. The invention is therefore at least in part a problem invention, corresponding to the detection of this security flaw.
The general object of the invention is to overcome at least some drawbacks of the known vDGHV technique.
More specifically, a first object of the invention is to provide a technique for generating resistant secret and public keys for the vDGHV APHCP method described above.
Another object of at least one embodiment of the invention is to provide a technique for increasing the security level of the keys used for encryption and decryption.
A method is proposed for generating vDGHV secret and public keys with enhanced security, implemented in a device comprising at least one microprocessor and a memory, characterized in that it comprises a step of generating a secret key SK corresponding to the generation of a random number p that is difficult or impossible to factor.
According to a first embodiment, such a method provides enhanced key generation using the fully homomorphic public-key encryption algorithm published in document D2, modified so as to comprise the following steps:
- (a) Define r[0] = 0;
- (b) Generate a random prime number p, which is by definition impossible to factor;
- (c) Generate k random numbers r[i] denoted r[1], ..., r[k];
- (d) Generate k+1 random numbers q[i] denoted q[0], ..., q[k];
- (e) Form the elements of the public key x[i] = q[i] p + r[i] for i ranging from 0 to k;
- (f) Return the public key {x[0], ..., x[k]} and the secret key p.
This method thus increases security because of the increased computational infeasibility of recovering the value of p.
In a variant, an enhanced key generation method is proposed for the fully homomorphic public-key encryption algorithm published in document D2, modified so as to comprise the following steps:
- (a) Define r[0] = 0;
- (b) Generate a random number p that is difficult to factor;
- (c) Generate k random numbers r[i] denoted r[1], ..., r[k];
- (d) Generate k+1 random numbers q[i] denoted q[0], ..., q[k];
- (e) Form the elements of the public key x[i] = q[i] p + r[i] for i ranging from 0 to k;
- (f) Return the public key {x[0], ..., x[k]} and the secret key p.
A random number p that is difficult to factor is a number whose size and composition are chosen so that the factorization operation (which has exponential complexity in terms of computation time and memory resources) is infeasible for an attacker.
In another embodiment, a computing device is proposed comprising a microprocessor connected to a data input and output interface means, to a random generator and to a memory from which said microprocessor reads the instructions encoding an inventive key generation program operating according to any one of the methods described above.
The hardware key generation device of the prior art vDGHV method is described in
The main steps of the vDGHV key generation method G are described in
The
The inventive generation of the elements x[i] of the enhanced-security public key PK for a vDGHV-type algorithm on a hardware architecture is carried out as follows.
The hardware architecture of the device according to the invention (not shown) reuses the elements of the hardware architecture of the prior art device 10 described in
The key generation method G' differs from the key generation method G described above in the step of generating the secret key.
At startup, the microprocessor 11 generates the secret key p according to an embodiment of the invention, and the corresponding elements x[0], ..., x[k] of the public key.
Once the elements x[i] have been generated, the device according to the invention transmits the elements x[0], ..., x[k] to another device via the data input and output interface 12.
The
- Define r[0] = 0;
- Generate a random number p that is difficult or impossible to factor;
- Generate k random numbers r[i] denoted r[1], ..., r[k];
- Generate k+1 random numbers q[i] denoted q[0], ..., q[k].
Note that these steps can be performed in any order.
Then, an obtaining step is carried out to determine the elements x[i] = q[i] p + r[i] for i ranging from 0 to k, which define the public key PK.
According to a first embodiment, the secret key SK corresponding to the number p is a secret prime number. The way to generate such secret prime numbers p is known to those skilled in the art and is used, for example, to generate secret keys for the RSA algorithm.
According to a second embodiment, the secret key SK corresponding to the number p is a product of prime numbers such that the product is difficult to factor. The way to generate such numbers p is known to those skilled in the art and is used, for example, to generate public keys for the RSA algorithm.
In both cases, the sizes of the parameters p, q[i] and r[i] follow the same recommendations as those described in document D2.
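An added example, not part of the patent text: a toy Python sketch of generation method G' with a prime p (first embodiment), the encryption and decryption formulas given earlier, and a key-generation self-test that replays the GCD step from the flaw description to show that a p with a small prime factor fails it. The bit sizes, the non-negative r[i], the constructed factor 1009 and all function names are assumptions for illustration; real parameter sizes follow document D2.

```python
import math
import secrets

# Toy sizes, assumed for this example; real sizes follow document D2.
RHO, ETA, Q_BITS, K = 8, 64, 64, 10
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin; with these 12 bases the answer is exact for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits=ETA):
    """Step (b) of G': a random prime of exactly `bits` bits."""
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(n):
            return n


def public_key(p):
    """Steps (a), (c), (d), (e): x[i] = q[i]*p + r[i] with r[0] = 0.

    The r[i] are taken non-negative here (an assumption of this sketch).
    """
    r = [0] + [secrets.randbits(RHO) for _ in range(K)]
    q = [secrets.randbits(Q_BITS) | (1 << (Q_BITS - 1)) for _ in range(K + 1)]
    return [qi * p + ri for qi, ri in zip(q, r)]


def keygen():
    """Hardened generation G': the secret key p is a random prime."""
    p = random_prime()
    return public_key(p), p


def encrypt(pk, m):
    """c = m + 2r + 2Z, where Z sums x[i]*e[i] over i = 1..k, e[i] random bits."""
    r = secrets.randbits(RHO)
    z = sum(x for x in pk[1:] if secrets.randbits(1))
    return m + 2 * r + 2 * z


def decrypt(p, c):
    """m = (c mod p) mod 2; correct while the accumulated noise stays below p."""
    return (c % p) % 2


def leaks_secret(pk, p, bound=1 << 12):
    """Key-generation self-test replaying the flaw described above.

    For each odd f in (2^RHO, bound) that divides x[0], compute
    t = x[1] mod f and check whether gcd(x[0], x[1] - t) is a multiple of
    the secret p. The generator knows p, so it can run this before release.
    """
    x0, x1 = pk[0], pk[1]
    for f in range((1 << RHO) + 1, bound, 2):
        if x0 % f == 0 and math.gcd(x0, x1 - x1 % f) % p == 0:
            return True
    return False


if __name__ == "__main__":
    # Constructed weak secret: odd, with the small prime factor 1009 > 2^RHO.
    weak_p = 1009 * (2**61 - 1)
    print("composite p fails self-test:", leaks_secret(public_key(weak_p), weak_p))
    pk, p = keygen()
    print("prime p fails self-test:", leaks_secret(pk, p))
    print("round trip:", [decrypt(p, encrypt(pk, m)) for m in (0, 1)])
```

The GCD in the self-test equals p multiplied by gcd(q[0], q[1]), which is why the check tests for a multiple of p rather than for equality.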
Moreover, any one of the variants of the method according to the invention described above can also be implemented in hardware in a programmable component of the FPGA (Field Programmable Gate Array) type or of the ASIC (Application-Specific Integrated Circuit) type.
Claims (6)
- Method for generating secret and public keys, obtained by means of a fully homomorphic public-key encryption algorithm based on arithmetic over the integers, called vDGHV secret keys and public keys, with enhanced security, implemented in a device comprising at least one microprocessor (11) and a memory (14), characterized in that it comprises a step for generating a secret key SK corresponding to a random prime number p, or product of prime numbers, whose size and composition is chosen so that the factoring operation of said random number p is unrealizable by an attacker.
- Method for generating keys according to claim 1 characterized in that it comprises the following steps: (a) defining r[0]=0; (b) generating said secret key SK corresponding to said random number p; (c) generating k random numbers r[i] denoted as r[1],...,r[k]; (d) generating k+1 random numbers q[i] denoted as q[0],...,q[k]; (e) forming said elements of the public key x[i] = q[i] p + r[i] for i ranging from 0 to k; (f) returning said public key PK = {x[0],...,x[k]} and the secret key SK = p.
- Device comprising at least one microprocessor (11) connected to a data input and output interface means (12), a random generator (13) of secret and public keys, obtained by means of a fully homomorphic public-key encryption algorithm based on arithmetic over the integers called vDGHV secret keys and public keys, with enhanced security, and a memory (14) in which said microprocessor implements means for generating a secret key SK corresponding to a random prime number p, or product of prime numbers, of large size, whose size and composition is chosen so that the factoring operation of said random number p is unrealizable by an attacker.
- Device according to claim 3 characterized in that said microprocessor (11) implements means for generating a secret key SK corresponding to a random prime number p.
- Computer program product comprising program code instructions for implementing the method according to at least one of the claims 1 to 2, when said program is executed on a computer.
- Computer-readable and non-transitory storage medium comprising a set of instructions executable by a computer or a processor to implement the method according to any one of the claims 1 to 2.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1153981A FR2975248B1 (en) | 2011-05-09 | 2011-05-09 | DEVICE AND METHOD FOR GENERATING REINFORCED SECURITY KEYS FOR FULLY HOMOMORPHIC ENCRYPTION ALGORITHM. |
PCT/EP2012/057879 WO2012152607A1 (en) | 2011-05-09 | 2012-04-30 | Device and method for generating keys with enhanced security for fully homomorphic encryption algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2707989A1 | 2014-03-19 |
EP2707989B1 | 2015-06-10 |
Family
ID=46022260
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP12717737.6A (Active, EP2707989B1) | 2011-05-09 | 2012-04-30 | Device and method for generating keys with enhanced security for fully homomorphic encryption algorithm |
Country Status (6)
Country | Link |
---|---|
US (1) | US9338000B2 (en) |
EP (1) | EP2707989B1 (en) |
CA (1) | CA2832156A1 (en) |
ES (1) | ES2546560T3 (en) |
FR (1) | FR2975248B1 (en) |
WO (1) | WO2012152607A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10333696B2 (en) | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
CN106160995B (en) * | 2015-04-21 | 2019-04-16 | 郑珂威 | The complete homomorphic cryptography method and system of multinomial based on coefficient mapping transformation |
US10546141B2 (en) * | 2015-05-13 | 2020-01-28 | Agency For Science, Technology And Research | Network system, and methods of encrypting data, decrypting encrypted data in the same |
US9780948B1 (en) * | 2016-06-15 | 2017-10-03 | ISARA Corporation | Generating integers for cryptographic protocols |
MX2019008264A (en) * | 2017-01-09 | 2020-01-27 | Arris Entpr Llc | Homomorphic white box system and method for using same. |
CN108111295B (en) * | 2017-12-15 | 2020-08-25 | 河海大学 | Homomorphic encryption method based on analog-to-analog operation |
US11032061B2 (en) * | 2018-04-27 | 2021-06-08 | Microsoft Technology Licensing, Llc | Enabling constant plaintext space in bootstrapping in fully homomorphic encryption |
CN108933650B (en) | 2018-06-28 | 2020-02-14 | 阿里巴巴集团控股有限公司 | Data encryption and decryption method and device |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4200770A (en) | 1977-09-06 | 1980-04-29 | Stanford University | Cryptographic apparatus and method |
US4405829A (en) | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
US4633036A (en) * | 1984-05-31 | 1986-12-30 | Martin E. Hellman | Method and apparatus for use in public-key data encryption system |
DE69840959D1 (en) * | 1997-12-17 | 2009-08-20 | Nippon Telegraph & Telephone | Encryption and decryption devices for public key cryptosystems and recording media having associated processing programs thereon. |
US6859533B1 (en) * | 1999-04-06 | 2005-02-22 | Contentguard Holdings, Inc. | System and method for transferring the right to decode messages in a symmetric encoding scheme |
EP1540880B1 (en) * | 2002-09-11 | 2006-03-08 | Giesecke & Devrient GmbH | Protected cryptographic calculation |
ATE463898T1 (en) * | 2006-01-02 | 2010-04-15 | Sap Ag | SYSTEM AND PROCEDURE FOR COMPARISONING PRIVATE ASSETS |
US8233618B2 (en) * | 2007-07-25 | 2012-07-31 | Sai Chuen Hui | Method and system for generating a pair of public key and secret key |
US8515058B1 (en) * | 2009-11-10 | 2013-08-20 | The Board Of Trustees Of The Leland Stanford Junior University | Bootstrappable homomorphic encryption method, computer program and apparatus |
-
2011
- 2011-05-09 FR FR1153981A patent/FR2975248B1/en active Active
-
2012
- 2012-04-30 ES ES12717737.6T patent/ES2546560T3/en active Active
- 2012-04-30 EP EP12717737.6A patent/EP2707989B1/en active Active
- 2012-04-30 WO PCT/EP2012/057879 patent/WO2012152607A1/en active Application Filing
- 2012-04-30 US US14/116,645 patent/US9338000B2/en active Active
- 2012-04-30 CA CA2832156A patent/CA2832156A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
CA2832156A1 (en) | 2012-11-15 |
US20140233731A1 (en) | 2014-08-21 |
EP2707989A1 (en) | 2014-03-19 |
FR2975248A1 (en) | 2012-11-16 |
ES2546560T3 (en) | 2015-09-24 |
US9338000B2 (en) | 2016-05-10 |
WO2012152607A1 (en) | 2012-11-15 |
FR2975248B1 (en) | 2013-06-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2707989B1 (en) | Device and method for generating keys with enhanced security for fully homomorphic encryption algorithm | |
EP3211823B1 (en) | Method for confidential execution of a program operating on data encrypted by means of homomorphic encryption | |
EP1151576B1 (en) | Public and private key cryptographic method | |
EP2296086B1 (en) | Protection of prime number generation against side-channel attacks | |
EP2458776A1 (en) | Method and system for protecting a cryptography device | |
EP2415199B1 (en) | Method for performing a cryptographic task in an electronic component | |
FR2809893A1 (en) | COUNTER-MEASUREMENT METHOD IN AN ELECTRONIC COMPONENT USING A PUBLIC KEY CRYPTOGRAPHY ALGORITHM ON AN ELLIPTICAL CURVE | |
EP3334121A1 (en) | Process of generating an electronic signature of a document associated to a digest | |
FR2880750A1 (en) | MICROPROCESSOR CARD AND CRYPTOGRAPHIC METHOD FOR PROTECTING A SECRET KEY | |
EP3300292B1 (en) | Encryption or decryption method protected against side channel attacks | |
EP3373509A1 (en) | Method for electronically signing a document with a predetermined secret key | |
EP1904921A1 (en) | Cryptographic method for securely implementing an exponentiation and related component | |
EP1224765B1 (en) | Countermeasure method in an electronic component which uses an rsa-type public key cryptographic algorithm | |
WO2013024230A2 (en) | Device and method for compressing public keys for a fully homomorphic encryption algorithm | |
EP1829279B1 (en) | Method and device for generating a key for a cryptographic algorithm | |
EP2225847B1 (en) | Method of sharing a strong secret between two parties, one of whom has little processing power | |
EP3407537B1 (en) | Method of electronically signing a document with a predetermined secret key | |
EP0962069B1 (en) | Cryptographic system comprising a ciphering and deciphering system and a key escrow system | |
EP3482524B1 (en) | Method for generating parameters characterizing a cryptographic protocol | |
EP2652899B1 (en) | Method and system for conditional access to a digital content, associated terminal and subscriber device | |
FR2916317A1 (en) | PROTECTION OF EXECUTION OF A CRYPTOGRAPHIC CALCULATION | |
FR3018372A1 (en) | MESSAGE GENERATION FOR CRYPTOGRAPHIC KEY GENERATION TEST | |
EP4024753A1 (en) | Method and electronic module for calculating a cryptographic quantity with carry-less multiplications, related method and electronic device for processing data, and computer program | |
EP3579491A1 (en) | Modular inverse determination method and associated cryptographic processing device | |
WO2005069122A2 (en) | Method for modular exponentiation, protected against dpa-type attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20130930 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20141105 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 731292 Country of ref document: AT Kind code of ref document: T Effective date: 20150715 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602012007899 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: FRENCH |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2546560 Country of ref document: ES Kind code of ref document: T3 Effective date: 20150924 |
|
RAP2 | Party data changed (patent owner data changed or rights of a patent transferred) |
Owner name: INGENICO GROUP |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150910 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150910 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150911 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20151012 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20151010 Ref country code: RO Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20150610 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602012007899 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 5 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
26N | No opposition filed |
Effective date: 20160311 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PFA Owner name: INGENICO GROUP, FR Free format text: FORMER OWNER: COMPAGNIE INDUSTRIELLE ET FINANCIERE D'INGENIERIE "INGENICO", FR |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20160430 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: NV Representative's name: ICB INGENIEURS CONSEILS EN BREVETS SA, CH |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: PT Payment date: 20170321 Year of fee payment: 6 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: UEP Ref document number: 731292 Country of ref document: AT Kind code of ref document: T Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CH Payment date: 20170426 Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: BE Payment date: 20170425 Year of fee payment: 6 Ref country code: AT Payment date: 20170426 Year of fee payment: 6 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20120430 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150610 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MM01 Ref document number: 731292 Country of ref document: AT Kind code of ref document: T Effective date: 20180430 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20180430 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180430 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180430 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180430 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180430 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20180430 |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: 732E Free format text: REGISTERED BETWEEN 20220127 AND 20220202 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R081 Ref document number: 602012007899 Country of ref document: DE Owner name: BANKS AND ACQUIRES INTERNATIONAL HOLDING, FR Free format text: FORMER OWNER: COMPAGNIE INDUSTRIELLE ET FINANCIERE D'INGENIERIE INGENICO, PARIS, FR Ref country code: DE Ref legal event code: R082 Ref document number: 602012007899 Country of ref document: DE Representative's name: STUMPF PATENTANWAELTE PARTGMBB, DE |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20230426 Year of fee payment: 12 Ref country code: FR Payment date: 20230427 Year of fee payment: 12 Ref country code: ES Payment date: 20230627 Year of fee payment: 12 Ref country code: DE Payment date: 20230420 Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20230419 Year of fee payment: 12 |